User authenticated encrypted communication link

ABSTRACT

Systems and methods are provided for establishing a secure communication link between a first client and a second client. One exemplary computer-implemented method for establishing a secure communication link between a first client and a second client includes accessing, from a storage, identification information of a user of the first client. The method further includes receiving a Domain Name Service (DNS) request from the first client requesting a secure network address corresponding to a secure domain name associated with the second client. The method further includes authenticating the user based on the user identification information. The method also includes transmitting the secure computer network address in response to the DNS request based on a determination that the user has been authenticated. A secure communication link between the first client and the second client is established based on the secure computer network address.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. application Ser. No.14/037,301, filed Sep. 25, 2016 (now allowed), which claims the benefitof priority under benefit of priority under 35 U.S.C. § 119 from U.S.Provisional Patent Application. Ser. No. 61/705,457 entitled “BiometricEnhanced Secure Domain Names,” filed on Sep. 25, 2012, the disclosure ofwhich is hereby incorporated by reference in its entirety for allpurposes.

BACKGROUND

Technical Field

The present disclosure relates generally to the field of secureelectronic communications between two or more electronic communicationsdevices. More particularly, and without limitation, the presentdisclosure relates to systems and methods for establishing a securecommunication link between electronic communications devices in whichusers of the devices are authenticated to establish the securecommunication link.

Description of the Related Art

The Internet has experienced explosive growth and use in recent years.Moreover, with the advent of smartphones, tablets, and personal digitalassistants (PDAs), users have become accustomed to transmitting andreceiving information from users of other devices on a regular basis andfrom any location. A vast amount of such electronic communication,however, remains vulnerable to access by third party eavesdroppers, whomay access the information in transit between the communicatingelectronic devices and/or users. Ii is desirable to exchange informationprivately between the participating devices, without allowingunauthorized access to the information.

A variety of methods have been proposed to establish securecommunication links between devices. Some of these methods rely onencryption of the information before it is communicated. This requiresproviding a recipient device with means to unencrypt the informationupon receipt. Although the information may be encrypted during transit,current methods may not prevent a rogue user with access to anotheruser's device from accessing the encrypted information received by thatuser's device.

SUMMARY

In view of the above deficiencies, there is a need for improved systemsand methods for establishing a secure communication link betweenelectronic devices in which the users of the communicating devices areidentified and authenticated. More particularly, there is a need forimproved systems and methods, which restrict use of the securecommunication link to authenticated users at both ends of the link.

In accordance with the present disclosure, systems and methods areprovided for establishing a secure communication link between two ofmore electronic communication devices. In accordance with certainembodiments, a method for establishing a secure communications link withauthenticated users at both ends of the link is provided. As disclosedherein, embodiments of the present disclosure may allow an electronicscommunication device or a client to establish a secure communicationlink with another client only when users of both clients have beenauthenticated. Embodiments of the present disclosure may also allowregistration of users with their authentication information to enableauthentication of the users before establishing a secure communicationlink.

In accordance with one exemplary embodiment, a computer-implementedmethod is provided for establishing a secure communication link betweena first client and a second client. By way of example, the methodcomprises: accessing, from a storage, identification information of auser of the first client; receiving a Domain Name Service (DNS) requestfrom the first client requesting a secure network address correspondingto a secure domain name associated with the second client;authenticating the user based on the user identification information:and transmitting the secure computer network address in response to theDNS request based on a determination that the user has beenauthenticated, wherein a secure communication link between the firstclient and the second client is established based on the secure computernetwork address.

In accordance with another exemplary embodiment, the step ofauthenticating the user in the computer-implemented method includes:receiving, from the first client, a first hash value based on theidentification information; comparing the first hash value to a secondhash value; sending an accept notification to the first client when thefirst hash value matches the second hash value; and sending a rejectnotification to the first client when the first hash value does notmatch the second hash value.

In accordance with another exemplary embodiment, the step of receivingthe first hash value in the computer-implemented method includes:retrieving a random vector and a random hash key from the server;sending the retrieved random vector and random hash key to the firstclient; receiving, from the first client, the first hash value, thefirst hash value being generated by: generating a user vector bycombining the random vector and the identification information; andperforming a hashing operation on the user vector using the random hashkey.

In accordance with another exemplary embodiment, thecomputer-implemented method further includes: receiving a user name forthe user from the first client; accessing a database that stores secondhash values in association with user names; and retrieving the secondhash value corresponding to the user name from the database.

In accordance with another exemplary embodiment, thecomputer-implemented method further includes: authenticating, inaddition to the user, the first client; and transmitting the securecomputer network address in response to the DNS request based on adetermination that the user has been authenticated and also that thefirst client has been authenticated.

In accordance with another exemplary embodiment, a secure domain nameserver is provided for establishing a secure communication link betweena first client and a second client. By way of example, the secure domainname server includes: a data storage device storing identificationinformation for a plurality of clients; and one or more processors. Theone or more processors may be configured to: access, from the storage,identification information of a user of the first client; receive aDomain Name Service (DNS) request from the first client requesting asecure network address corresponding to a secure domain name associatedwith the second client; authenticate the user based on the useridentification information; and transmit the secure computer networkaddress in response to the DNS request based on a determination that theuser has been authenticated, wherein a secure communication link betweenthe first client and the second client is established based on thesecure computer network address.

In accordance with another exemplary embodiment, the one or moreprocessors of the server may be further configured to: receive, from thefirst client, a first hash value based on the identificationinformation; compare the first hash value to a second hash value; sendan accept notification to the first client when the first hash valuematches the second hash value; and send a reject notification to thefirst client when the first hash value does not match the second hashvalue.

In accordance with another exemplary embodiment, the one or moreprocessors of the server may be further configured to: retrieve a randomvector and a random hash key front the server; send the retrieved randomvector and random hash key to the first client; receive, from the firstclient, the first hash value, the first hash value being generated by;generating a user vector by combining the random vector and theidentification information; and performing a hashing operation on theuser vector using the random hash key.

In accordance with another exemplary embodiment, the one or moreprocessors of the server may be further configured to: receive a username for the user from the first client, access a database that storessecond hash values in association with user names; and retrieve thesecond hash value corresponding to the user name from the database.

In accordance with another exemplary embodiment, the one or moreprocessors of the server may be further configured to: authenticate, inaddition to the user, the first client; and transmit the secure computernetwork address in response to the DNS request based on a determinationthat the user has been authenticated and also that the first client hasbeen authenticated.

In accordance with another exemplary embodiment, the one or moreprocessors of the server may be further configured to: determine whetherthe first client is enabled for biometric authentication of the user;and perform the accessing and authentication steps based on adetermination that the first client is enabled for biometricauthentication of the user.

Additional objects and advantages of the embodiments of the presentinvention will be set forth in part in the description which follows,and in part will be obvious from the description, or may be learned bypractice of the embodiments of the present disclosure.

It is to be understood that both the foregoing general description andthe following detailed description are exemplary and explanatory onlyand are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute apart of this present disclosure, illustrate several embodiments of thepresent disclosure and, together with the description, serve to explainthe principles of the present disclosure. In the drawings:

FIG. 1 shows an exemplary secure communication system for implementingembodiments of the present disclosure;

FIG. 2 shows an exemplary method of registering a user, consistent withan embodiment of the present disclosure,

FIG. 3 shows an exemplary method of authenticating a user to provide auser-authenticated secure communication link, consistent withembodiments of the present disclosure,

FIG. 4 shows another exemplary method of authenticating a use to providea user-authenticated secure communication link, consistent with anembodiment of the present disclosure;

FIG. 5 shows another exemplary method of registering a user, consistentwith an embodiment of the present disclosure;

FIG. 6 shows another exemplary method of authenticating a user toprovide a user-authenticated secure communication link, consistent withembodiments of the present disclosure; and

FIG. 7 shows another exemplary method of authenticating a user toprovide a user-authenticated secure communication link, consistent withan embodiment of the present disclosure.

DETAILED DESCRIPTION

Reference will now be made in detail to the present exemplaryembodiments of the present disclosure, examples of which are illustratedin the accompanying drawings. Wherever possible, the same referencenumbers will be used throughout the drawings to refer to the same orlike parts.

FIG. 1 shows a block diagram of an exemplary secure communication system100 for implementing embodiments and features of the present disclosure.The arrangement and number of components in system 100 is provided forpurposes of illustration. Additional and/or different arrangements,components, or other modifications may be made, consistent with thepresent disclosure.

As shown in FIG. 1, system 100 may include one or more devices orclients 102, 104. By way of example, clients 102, 104 may includesmartphones, tablets, netbooks, electronic readers, personal digitalassistants, personal computers, laptops, pagers, and/or other types ofuser electronic communication devices. It is also contemplated thatclients 102, 104 may include desktop computers, servers, or other userdevices connected to servers. Clients 102, 104 may be implemented withdevices, and/or applications running thereon.

Client 102 may be configured to communicate with server 106 via acommunication link 108. Communication link 108 may be part of theInternet and/or another type of wide area network, an intranet, ametropolitan area network, a local area network, a wireless network, acellular communications network, etc. In some embodiments, client 102 orserver 106 may configure communication link 108 as a securecommunication link between client 102 and server 106. For example,communication link 108 may be an administrative virtual private network(VPN) between first client 102 and server 106, which may be establishedusing the systems and methods disclosed in U.S. patent application Ser.No. 13/617,375 (the ‘375 application), the entire contents of which areexpressly incorporated herein by reference. In other embodiments,communication link 108 may be an encrypted communication link betweenclient 102 and server 106. In still other embodiments, communicationlink 108 may be an “in-the-clear” link between client 102 and server106, as described in the ‘375 application.

Like client 102, client 104 may be configured to communicate with server106 via a communication link 110. Communication link 110 may have asimilar structure, features, and/or method of operation as communicationlink 108. Further, like communication link 108, in some embodiments,client 104 or server 106 may configure communication link 110 as asecure communication link between client 104 and server 106 similar tothat described above with respect to communication link 108.

Client 102 may include a number of components, such as one or morehardware computer processor(s) (not shown) for performing operationsrelated to the present disclosure. Client 102 may also include memorydevice(s) (not shown) and/or other data storage devices for storinginstructions executed by the processor(s) and/or for storing data.Examples of memory devices and other storage devices include harddrives, RAID arrays. NOR or NAND flash memory devices, Read Only Memory(ROM) devices, etc. Client 102 may also include a display device (notshown) for displaying a variety of data and information to a user ofclient 102. In addition, client 102 may be equipped with input devices(not shown). By way of example, these input devices may include physicalkeyboards, virtual touch-screen keyboards, mice, joysticks, styluses,etc. In certain embodiments, client 102 may also be capable of receivinginput through a microphone using voice recognition applications.Consistent with the disclosed embodiment, the input device may beconfigured to accept biometric user identification input from the user,such a photograph, a fingerprint, a speech sample, a facial image, animage of a retina or iris, or any other biometric information of theuser. Client 104 may include components, features, and/or methods ofoperation as described above with respect to client 102.

Server 106 may identify one or more servers configured to interact withclients 102, 104 and/or database 112. Like clients 102, 104, server 106may include a number of computing components, features, and/or methodsof operation similar to those described above with respect to clients102, 104, e.g., hardware processor(s), memory(ies), and/or data storagedevices. In addition, consistent with some embodiments, server 106 maybe implemented as a unitary server, a server system comprising aplurality of servers, or a server farm comprising a load balancingsystem and a plurality of servers. In one exemplary embodiment, server106 may be configured as a secure domain name service. For example,server 106 may provide a secure domain name service as disclosed in the'375 application. In general, server 106 may be configured to receive aquery, such as a domain name server (DNS) request, for a secure networkaddress corresponding to a secure domain name.

Clients 102, 104 may establish a secure communication link 116 betweeneach other using secure domain name information provided by server 106,using one or more methods described in the '375 application combinedwith the one or more methods described in this disclosure. Communicationlink 116 may be a secure communication link between clients 102, 104over a public network, such as the Internet, a wide area network, ametropolitan area network, a wireless network, a cellular communicationsnetwork, etc. In one embodiment, communication link 116 may be a virtualprivate network (VPN) established between clients 102, 104, which may beestablished using the systems and methods disclosed in the '375application. The VPN may be a network of computers, including clients102, 104, which privately and directly communicate with each other byencrypting traffic over insecure communication paths (e.g., the publicnetwork) between the computers as though they were on the same privatenetwork. For example, the VPN may implement packet tunneling and/orpacket payload encryption over the public network. In one embodiment,the tunneling may include a network address hopping regime and/or apacket transport scheme described in the '375 application. In otherembodiments, communication link 116 may simply be an encryptedcommunication link.

Server 106 may be in communication with database 112 via communicationlink 114. Database 112 may be collocated with server 102, or may includeone or more logically and/or physically separate databases (e.g., as aservice provider) configured to store data. The data stored in database112 may be received from servers 106, directly from clients 102, 104,and/or may be provided as input using conventional methods (e.g., dataentry, data transfer, data uploading, etc.). The data stored in database112 may take or represent various forms including, but not limited to,user names, user identification information, and/or other data requiredto establish secure communication links between clients 102, 104 and/orserver 106.

In some embodiments, database 112 may be implemented using acomputer-readable storage medium. In other embodiments, database 112 maybe maintained in a network attached storage device, in a storage areanetwork, or combinations thereof, etc. Furthermore, database 112 may bemaintained and queried using numerous types of database software andprogramming languages, such as SQL, MySQL, IBM DB2®, Microsoft Access®,PERL, C/C++, Java®, etc.

Although the above description describes clients 102, 104 and server 106separately, clients 102, 104 may perform the role of servers 106 andvice-versa. Server 106 may also be collocated with, or on client 102,104. For example, server 106 may be implemented as a secure name servicemodule running in the client's web browser. Additionally, clients 102,104 may have the same hardware components as servers 106. Furthermore,the embodiments of this disclosure may also be implemented on the samedevice serving, for example, both as a client 102, 104 and a server 106.Additionally, although the above description describes database 112 asbeing associated with server 106, it is contemplated that clients 102,104 may additionally or alternatively communicate with database 112 tostore or retrieve data and other information.

FIG. 2 shows a flowchart of an exemplary registration method 200,consistent with an embodiment of the present disclosure. As furtherdescribed below, the exemplary registration method 200 may beimplemented for registering one or more users of clients 102, 104 withserve 106, database 112, and/or the secure name service implemented byserver 106. Method 200 may be implemented by the processor(s) of client102 and/or server 106 executing computer-readable program instructions.

As shown in FIG. 2, method 200 may include a step 202 of establishing asecure communication link 108 (e.g., an administrative VPN or an“in-the-clear” link) between client 102 and server 106. Step 202 may beaccomplished using one or more of the methods disclosed in the '375application. Upon establishing the secure communication link betweenclient 102 and server 106, server 106 knows the secure domain name ofclient 102. In one exemplary embodiment, client 102 may have a securedomain name having the form “device-a.user-a.domain.scom,” where“device-a” may refer to client 102 and “user-a” may refer to a user ofclient 102. Additionally, “a.domain.scom” may refer to the secure domainof client 102. Further. “device-a” may include device informationregarding client 102. For example, “device-a” may include a secureInternet protocol (IP) address of client 102. In some exemplaryembodiments, “device-a” may include other characteristics of client 102,such as a MAC Address or any other information, which may uniquelyidentify client 102.

Method 200 may include a step 204 of obtaining user identificationinformation from a user of client 102. In one exemplary embodiment,client 102 may obtain the user identification information via one ormore input devices associated with client 102. Client 102 may also beconfigured to store the user identification information received fromthe input devices in a memory or storage device associated with client102. Client 102 may also be configured to store the user identificationinformation received from the input devices in a temporary storagedevice associated with client 102, in one exemplary embodiment, client102 may access a memory or other storage device associated with client102 to retrieve previously stored user identification information for auser.

The user identification information may include first identificationinformation (for example, a user name of the user), secondidentification information (for example, biometric identificationinformation of the user), of a combination thereof. The user name mayinclude a login name of the user of client 102, an e-mail address of theuser, or any combination of letters, numbers, and/or symbolsrepresenting the user. In one exemplary embodiment, the user name mayinclude the entire secure domain name for client 102, including the username. For example, the user name of a “user-a” of client 102 may takethe form “device-a.user-a.domain.scom.” In another exemplary embodimentthe user name may include the user name associated with the domain ofclient 102. For example, the user name may take the form“user-a.domain.scom.”

The biometric identification information (or “biometric information) maybe a photograph, a fingerprint, a speech sample, a facial image, animage of a retina or iris, of the user or any other biometricinformation known in the art for the user. One of ordinary skill in theart would recognize that the data representing the biometric informationmay take many forms, including an image file, a sound file, or a set ofvalues representing the biometric information. In one exemplaryembodiment, the biometric information may be represented using abiometric identification vector (also referred to as “useridentification vector) containing values representing the biometricinformation. It is to be appreciated that a biometric measurement for auser (e.g., a fingerprint scan), taken at client device 102, may benoisy and therefore may not be exactly identical each time a biometricmeasurement is obtained from a user. In one exemplary embodiment, thebiometric information obtained from a user of client 102 may be roundedor approximated, within an acceptable deviation or variation of thebiometric information, and the rounded or approximated biometricinformation may be represented by one or more user identificationvectors. While the embodiments described below is illustrated with asingle user identification vector, it should be understood that onepracticed in the art can extend these embodiments to include multipleidentification vectors and multiple hash values. Rounding orapproximating the biometric information in this manner may reducevariations in the biometric information, within the acceptabledeviation, so that that the biometric information can be reliably usedin the user authentication methods 300 (FIG. 3) and 400 (FIG. 4), whichwill be discussed in detail below.

Method 200 may include a step 206 of transmitting a registration requestincluding a user name. In one exemplary embodiment client 102 may send aregistration request including the first identification information (forexample, user name) to server 106. The user name may be the user nameentered by the user in step 204. Depending upon the particularimplementation, the registration request may or may not include the useridentification vector. Method 200 may include a step 208 of generating arandom vector and a random hash key. In one exemplary embodiment, uponreceipt of the user name from client 102, server 106 may generate arandom vector, which may include randomly-selected values. The randomvector may be one-dimensional or multi-dimensional, and may have arandomly selected size. Further, in step 208, server 106 may generate arandom hash key. The random hash key and/or the random vector may begenerated using randomization schemes well known in the art.

As further illustrated in FIG. 2, method 200 may include a step 210 oftransmitting the random vector and the random hash key. In one exemplaryembodiment, server 106 may transmit the random vector and random hashkey to client 102.

Method 200 may further include a step 212 of generating a hash valuerepresenting the user based on the random vector and random hash keyreceived from server 106. In one exemplary embodiment, client 102 maycombine the random vector received from server 106 with a secondidentification information of the user (for example, user identificationvector obtained in step 204) to create a user vector. Client 102 maycombine the random vector and user identification vector in many ways.For example, client 102 may add the random vector to the useridentification vector. One of ordinary skill in the art would recognize,however, that client 102 may combine the random vector and the useridentification vector using one or more other mathematical operationswell known in the art. Client 102 may generate a user hash value byperforming a hashing operation on the user vector using the random hashkey provided by server 106. Client 102 may employ hashing algorithmswell known in the art to generate the hash value.

Method 200 may also include a step 214 of transmitting the user hashvalue. In one exemplary embodiment, client 102 may transmit the userhash value to server 106. Further, process 200 may include a step 216 ofstoring the user name in database 112. Step 216 may also include storingdevice information of client 102, the random vector, the random hashkey, and the user hash value received from client 102, in associationwith the user name and device information in database 112. In oneexemplary embodiment, server 106 may store the user name, deviceinformation of client 102, the random vector, the random hash key, andthe user hash value in association with each other in database 112.

One of ordinary skill in the art would recognize that biometricinformation of the same user, collected on different devices, may bedifferent. One of ordinary skill in the art would further recognize thatto correctly identify a user and the user's device. i.e., client 102, itmay be necessary to associate device information of the device on whichbiometric information was obtained for a user with the user name of theuser. Server 106 may pre-register users of client 102 in database 112using method 200. Further, server 106 may pre-register users of client104 in database 112, using method 200, in a manner similar to thatdescribed above with respect to registering users of client 102.However, it is to be appreciated that registration method 200 may beperformed at any time before or during the course of establishing ofcommunication link 116.

While the above exemplary registration process has been described withrespect to database 112 associated with server 106, it will beunderstood that a similar registration process may occur with respect todatabases associated with clients 102 and 104. For example, in additionto registering with server 106, client 102 may register itself withclient 104. Accordingly, steps 202 through 216 may be carried outbetween client 102 and 104 with client 104 storing in its databasedevice information of client 102, the random vector, the random hashkey, and the user hash value received from client 102. Similarly, client104 may register itself with client 102. Additionally, client 104 mayperform a similar registration process with server 106 and/or client 102in order to register itself. In the event clients 102 and 104 registerwith each other, the registration process may be carried out throughserver 106, which may act as an intermediary. Alternatively, clients 102and 104 may establish a communication link with each other that may besecure to the extent that the data transmitted on the link is encrypted,for example. At this time, clients 102 or 104 may not be aware of eachother's secure IP or network address that is used to establish thesecure communication link 116 in the methods 300 (FIG. 3) and (FIG. 4),discussed below.

FIG. 3 shows a flowchart of an exemplary method 300 for establishing auser-authenticated secure communication link between first client 102and second, client 104, consistent with an embodiment of the presentdisclosure. Depending upon the desired configuration, method 300 mayoccur after the registration process of FIG. 2, or may be performed aspart, or during the course, of method 300.

As shown in FIG. 3, method 300 may include a step 302 of establishing asecure communication link 108 (e.g., an administrative VPN or an“in-the-clear” link) between client 102 and server 106. Step 302 may beaccomplished using one or more of the methods disclosed in the '375application in a manner similar to that described above with respect tostep 202 of method 200 (FIG. 2).

Method 300 may include a step 304 of obtaining user identificationinformation. In one exemplary embodiment, client 102 may obtain the useridentification information of a user of client 102. Client 102 mayobtain user identification information in a manner similar to thatdescribed above with respect to step 204 of method 200 (FIG. 2).

Method 300 may include a step 306 of sending a DNS request from client102 to server 106. The DNS request may include a request to lookup asecure network address corresponding to a secure domain associated withclient 104. An example of a secure domain associated with client 104 maybe “device-b.user-b.domain.scom,” or “device-b.domain.scom,” or anyother secure domain name that uniquely identifies second client 104. Itis to be appreciated, however, that the secure domain name may have anydesired format.

Method 300 may also include a step 308 of transmitting the user name toserver 106. In one exemplary embodiment, client 102 may transmit a username obtained in step 304 to server 106. The user name may be similar tothat described earlier with respect to step 204 of process 200 (FIG. 2).One of ordinary skill in the art would recognize that steps 306 and 308may be performed simultaneously or sequentially in any order.

Method 300 may further include a step 310 in which server 106 maydetermine whether client 102 is biometric-enabled. As used in thisdisclosure “biometric-enabled” means that a device is capable or enabledto supply biometric identification information of the user and/orcapable of establishing a user-authenticated secure communication link.For example, client 102 may be biometric-enabled if a particular settingis “on” in secure communications software module installed on client102. Server 106 may determine whether first client 102 isbiometric-enabled in many ways. For example, server 106 may refer toinformation, such as a device digital certificate, previously registeredby client 102 with server 106 to determine whether client 102 isbiometric-enabled. In one embodiment, the certificate may have a flagthat indicates whether the device is biometric-enabled, i.e., enabled tosupply the biometric identification information of the user. Thus, inmaking the determination of step 306, server 106 may consult the flag ifit exists.

When server 106 determines that client 102 is biometric-enabled (Step310, YES), server 106 may set itself as a “challenger” (Step 312) andproceed to authenticate the user of first client 102 (via “A” in FIG.4). As used herein, “challenger” means a device which is challenginganother device to properly authenticate its user.

When server 106 determines, however, that first client 102 is not,biometric-enabled (step 310, NO), method 300 may proceed to step 314 inwhich server 106 may forward the DNS request received from client 102 toclient 104. Method 300 may proceed to step 316 in which client 104 maydecide whether user authentication is necessary. If, however, client 104decides that user authentication is necessary (Step 316, YES), client104 may set itself as the challenger (Step 318) and proceed toauthenticate the user of client 102 (via “A” in FIG. 4). If client 104decides, however, that user authentication is not necessary, client 104may provide the secure network address of client 104 to client 102, andthat secure network address maybe used to establish a securecommunication link between clients 102, 104. As discussed above,however, this link maybe be vulnerable to access by nefarious users atclient 102 who have not been authenticated by system 100. One ofordinary skill in the an would recognize that because client 102 andclient 104 have not yet established a secure communication link 116,second client 104 may communicate with first client 102 during thechallenge process via server 106, in some embodiments. In an alternativeembodiment, if client 104 is the challenger, a direct communication linkmay be established between clients 102 and 104 that may be secure to theextent that the data transmitted on the link is encrypted. Clients 102or 104 may not be aware of each other's secure network address at thistime. Irrespective of who the challenger is, method 300 may proceed via“A” to step 402 of FIG. 4, which will be described in more detail below.

FIG. 4 shows a flowchart of an exemplary challenge method 100,consistent with an embodiment of the present disclosure. As furtherdescribed below, the exemplary method of FIG. 4 may be implemented toexecute the challenge process for authenticating the user andestablishing a user-authenticated secure communication link 116 betweenfirst client 102 and second client 104.

As shown in FIG. 4, method 400, may include a step 402 for retrievingthe random vector and random hash key associated with the user name ofthe user of first client 102. In one exemplary embodiment, thechallenger (server 106 or client 104) may access database 112 toretrieve the random vector and random hash key. Accessing database 112may involve reading information in database 112 from a memory or storagedevice associated with one of server 106 or client 104. The challengermay identify the random vector and random hash key stored in associationwith the user name and the device information of first client 102 indatabase 112.

Method 400 may include a step 404 of transmitting the random vector andrandom hash key corresponding to the user name to client 102. In oneembodiment, when client 104 is the challenger, it may transmit therandom vector and random hash key to server 106 which, in turn, maytransmit the random vector and random hash key to client 102.

Method 400 may include a step 406 of generating a second user hash valuebased on the user identification information obtained previously in step308 and the random vector and random hash key provided to client 102 bythe challenger. In one exemplary embodiment, client 102 may generate thesecond user hash value in a manner similar to that described above withrespect to step 212 of process 200 (FIG. 2).

Method 400 may further include a step 408 of transmitting the seconduser hash value from client 102 to the challenger. When server 106 isthe challenger, client 102 may transmit the second user hash value toserver 106 via communication link 108. Alternatively, if client 104 isthe challenger, client 102 may transmit the second user hash value toserver 106 via communication link 108, and server 106 may furthertransmit the second user hash value to second client 104 viacommunication link 110.

Method 400 may also include a step 410 of retrieving the hash valuecorresponding to the user and client 102. This hash value may bereferred to as “first user hash value.” In one exemplary embodiment, thechallenger (server 106 or client 104) may retrieve the first user hashvalue stored in association with the user name from database 112. Thechallenger may retrieve the first user hash value in a manner similar tothe challenger's retrieval of the random vector and random hash keydescribed above with regard to step 402. One of ordinary skill in theart would recognize that the challenger may retrieve the random vector,the random hash key, and the first user hash value simultaneously orsequentially.

Method 400 may include a step 412 of determining whether the second userhash value received by the challenger from client 102 matches the firstuser hash value stored in database 112. When the challenger determinesthat the second user hash value matches the first user hash value (step412, YES), the challenger may send an accept notification to client 102notifying client 102 that the user has been authenticated (Step 414).When the challenger determines, however, that the second user hash valuedoes not match the first user hush value (step 412. NO), the challengermay send a reject notification to client 102 notifying client 102 thatthe user has not been authenticated (step 416).

As part of step 414, server 106 may provide client 102 with the securenetwork address of second client 104 in response to the DNS requesttransmitted by client 102. One of ordinary skill in the art wouldrecognize that when client 104 is the challenger, it may notify server106 that the user has been authenticated in step 414. After receivingthe notification from client 104, server 106 may send the secure networkaddress of client 106 to client 104. Server 106 may or may not have thesecure network address of client 104, in which case client 104 mayprovide its secure network address to server 106 once the user has beenauthenticated. Server 106 may then transmit the secure network addressof client 104 to client 102 as part of step 414.

In one exemplary embodiment, client 104 may also be a server and may be“headless.” As used in this disclosure, “headless” refers to a devicewhich does not have an operator's console and/or a user at the console.In this exemplary embodiment, only one user, the user of client 102 mayneed to be authenticated.

Although the above description discusses authentication of a user ofclient. 102, a user of another client 104 may be authenticated usingmethods 300 and 400 in a similar manner. One of ordinary skill in theart would recognize that during authentication of a user of client 104,server 106 and/or client 102 may play the role of the challenger. One ofordinary skill in the art would also recognize that in addition toauthenticating users of clients 102, 104, clients 102, 104 may also beauthenticated using methods 300 and 400 described above. For example, byincluding information regarding clients 102 and 104 in the useridentification information, methods 300 and 400 may be used toauthenticate clients 102, 104 in addition to users of clients 102, 104.Further, one of ordinary skill in the art would recognize that after theuser of client 106 has been authenticated, server 106 may send thesecure network address of first client 102 to second client 104.

Method 400 may also include a step 418 in which client 102 may establishsecure communication link 116 with client 104 for the user of client102, who has been authenticated in proceeding steps 402-414. One ofordinary skill in the art would recognize that when users of bothclients 102, 104 are authenticated, communications transmitted oversecure communication link 116 can be trusted by clients 102, 104 asoriginating from authenticated users.

FIG. 5 shows a flowchart of an exemplary registration method 500,consistent with an embodiment of the present disclosure. Method 500 issimilar to method 200 in certain aspects. In particular, FIG. 5describes a variation of the exemplary embodiment set forth with respectto FIG. 2 and therefore, an explanation of the common elements betweenthese two embodiments is omitted in the interest of conciseness. Rather.FIG. 5 is explained primarily in terms of exemplary differences betweenthe methods of FIGS. 2 and 5. As explained below, the steps of method500 may be implemented by the processor(s) of client 102, client 104,and/or server 106 executing computer-readable program instructionsstored in memory.

Step 502 may be similar to step 202. Step 504 may be similar to step204. Step 506 may be similar to step 206. Step 508 may be similar tostep 208 except that a first random hash key (HK1) may be generated byserver 106 instead of a random hash key and a random vector. Similar tostep 210, method 500 may include a step 510 of transmitting HK1, exceptthat no random vector is transmitted in step 510. In one exemplaryembodiment, server 106 may transmit HK1 to client 102. Additionally, instep 510, server 106 may transmit a public key of server 106 (which maybe acting as a registrar).

Method 500 may further include a step 512 of generating a first userhash value representing the user based on HK1. In one exemplaryembodiment, client 102 may generate a first user hash value (X)representing the user by performing a hashing operation on the useridentification vector using HK1 provided by server 106. Client 102 mayemploy hashing algorithms well known in the art to generate the firstuser hash value (X).

Method 500 may also include a step 514 of transmitting the first userhash value (X). In one exemplary embodiment, client 102 may transmit Xto server 106. Further, process 500 may include a step 516 of storingthe user name in database 112. Step 516 may also include storing deviceinformation of client 102, HK1, and X, in association with the user namein database 112. In one exemplary embodiment, server 106 may store theuser name, device information of client 102. KH1, and X in associationwith each other in database 112.

One of ordinary skill in the art would recognize that biometricinformation of the same user, collected on different devices, may bedifferent, for example, due to characteristics or settings of the deviceon which the biometric information was collected. One of ordinary skillin the art would further recognize that to correctly identify a user andthe user's device, e.g., client 102, it may be necessary to associatedevice information of the device on which biometric information wasobtained for a user with the user name of the user. Server 106 maypre-register users of client 102 in database 112 using method 500.Further, server 106 may pre-register users of client 104 in database112, using method 500, in a manner similar to that described above withrespect to registering users of client 102. However, it is to beappreciated that registration method 500 may be performed at any timebefore or during the course of establishing of communication link 116.

As discussed above with reference to the registration process of FIG. 2,a similar registration process tray occur with respect to databasesassociated with clients 102 and 104. For example, in addition toregistering with server 106, client 102 may register itself with client104. Further, as discussed earlier, in the event clients 102 and 104register with each other, the registration process may be carried outthrough server 106, which may act as an intermediary. Alternatively,clients 102 and 104 may establish a communication link with each otherthat may be secure to the extent that the data transmitted on the linkis encrypted. Clients 102 or 104 may not be aware of each other's secureIP or network address at this time.

FIG. 6 shows a flowchart for establishing a user-authenticated securecommunication link between client 102 and client 104, consistent with anembodiment of the present disclosure. In some embodiments, the method600 may occur after the registration process of FIG. 5. In otherembodiments, however, the registration process of FIG. 5 may beperformed as part of or during the course of method 600. Each of thesteps in method 600 is similar to steps in method 300. For example, step602 in method 600 is similar to step 302 in method 300. Similarly, step616 in method 600 is similar to step 313 in method 300. Accordingly, thesteps of method 600 are not described herein for conciseness. As withthe other disclosed methods, the steps of method 600 may be implementedby the processor(s) of client 102, client 104, and/or server 106executing computer-readable program instructions stored in memory.

FIG. 7 shows a flowchart of an exemplary challenge method 700,consistent with an embodiment of the present disclosure. As furtherdescribed below, the exemplary method of FIG. 7 may be implemented toexecute the challenge process for authenticating the user andestablishing a user-authenticated secure communication link 116 betweenclient 102 and client 104. Method 700 is similar to method 400 incertain respects. One difference between method 700 and method 400 isthat, in method 700, the user identification vector is not revealed tothe registrar and the challenger. As with the other disclosed methods,the steps of method 700 may be implemented by the processor(s) of client102 client 104, and/or server 106 executing computer-readable programinstructions stored in memory.

As shown in FIG. 7, method 700, may include a step 702 for retrievingthe first random hash key associated with the user name of the user ofclient 102. In one exemplary embodiment, the challenger (server 106 orclient 104) may access database 112 to retrieve the first random hashkey (HK1). Accessing database 112 may involve reading information indatabase 112 from a memory or storage device associated with one ofserver 106 or client 104. The challenger may identify the first randomhash key stored using the user name and the device information of firstclient 102 in database 112. In step 702, challenger may also generate arandom vector, which may include randomly-selected values. The randomvector may be one-dimensional or multi-dimensional, and may have arandomly-selected size. Challenger may further generate a second randomhash key (HK2).

Method 700 may include a step 704 of transmitting the random vector,HK1, and HK2. In one embodiment, when client 104 is the challenger, itmay transmit the random vector, the random hash keys (HK1 and HK2) toserver 106 which, in turn, may transmit them to client 102.

Method 700 may include a step 706 of generating a second user hash value(X′) based on the user identification information obtained previously instep 604 and HK1. In one exemplary embodiment, client 102 may generateX′ in a manner similar to that described, above with respect to step 512of process 500 (FIG. 5). In step 706, client 102 may further generate athird user hash value (V) from the second user hash value (X′). Forexample, client 102 may perform an exclusive OR between X′ and therandom vector received from challenger to get a first resulting vector(Z). Next, client 102 may take a hash of Z using the second random hashkey (HK2) to obtain the third user hash value (V).

Method 700 may further include a step 708 of transmitting the third userhash value (V) from client 102 to the challenger. When server 10 is thechallenger, client 102 may transmit V to server 106 via communicationlink 108. Alternatively, if client 104 is the challenger, client 102 maytransmit V to server 106 via communication link 108, and server 106 mayfurther transmit V to second client 104 via communication link 110.

Method 700 may also include a step 710 of retrieving the first user hashvalue (X) corresponding to the user and client 102. In one exemplaryembodiment, the challenger (server 106 or client 104) may retrieve Xstored in association with die user name from database 112. Thechallenger may retrieve X in a manner similar to the challenger'sretrieval of the first random hash key (HK1) described above with regardto step 702. Next, the challenger may generate a fourth user hash value(V′) based on X. For example, the challenger may generate a secondresulting vector (Z′) by performing an exclusive OR between X and therandom vector that challenger sent to client 102 in step 704. Challengermay then obtain V′ by taking a hash of Z′ using the second random hashkey (HK2).

Method 700 may include a step 712 of determining whether the third userhash value (V) received by the challenger from client 102 matches thefourth user hash value (V′). When the challenger determines that theymatch (step 712, YES), the challenger may send an accept notification toclient 102 notifying client 102 that the user has been authenticated(Step 714). When the challenger determines, however, that the hashvalues do not match (step 712, NO), the challenger may send a rejectnotification to client 102 notifying client 102 that the user has notbeen authenticated (step 716).

As part of step 714, server 106 may provide client 102 with the securenetwork address of client 104 in response to the DNS request transmittedby client 102. One of ordinary skill in the art would recognize thatwhen client 104 is the challenger, it may notify server 106 that theuser has been authenticated in step 414. After receiving thenotification from client 104, server 106 may send the secure networkaddress of client 106 to client 104. Server 106 may or may not have thesecure network address of client 104, in which case client 104 mayprovide its secure network address to server 106 once the user has beenauthenticated. Server 106 may then transmit the secure network addressof client 104 to client 102 as part of step 714.

In one exemplary embodiment, client 104 may also act as a server and maybe “headless.” As used in this disclosure, “headless” refers to a devicewhich does not have an operator's console and/or a user at the console.In this exemplary embodiment, only one user, the user of client 102 mayneed to be authenticated.

Although the above description discusses authentication of a user ofclient 102, a user of another client 104 may be authenticated usingmethods 600 and 700 in a similar manner. One of ordinary skill in theart would recognize that during authentication of a user of client 104,server 106 and/or client 102 may play the role of the challenger. One ofordinary skill in the art would also recognize that in addition toauthenticating users of clients 102, 104, clients 102, 104 may also beauthenticated using methods 600 and 700 described above. For example, byincluding information regarding clients 102 and 104 in the useridentification information, methods 600 and 700 may be used toauthenticate clients 102, 104 in addition to users of clients 102, 104.Further, one of ordinary skill in the art would recognize that after theuser of client 106 has been authenticated, server 106 may send thesecure network address of first client 102 to second client 104.

Method 700 may also include a step 718 in which client 102 may establishsecure communication link 116 with client 104 for the user of client102, who has been authenticated in preceding steps 702-714. One ofordinary skill in the art would recognize that when users of bothclients 102, 104 are authenticated, communications transmitted oversecure communication link. 116 can be trusted by clients 102, 104 asoriginating from authenticated users.

While the exemplary methods and processes may be described herein as aseries of steps, it is to be understood that the order of the steps maybe varied. In particular, non-dependent steps may be performed in anyorder, or in parallel. Moreover, the above-noted features and otheraspects and principles of the present invention may be implemented invarious environments. Such environments and related applications may bespecially-constructed for performing the various processes andoperations of the invention or they may include a general-purposecomputer or computing platform selectively activated or reconfigured bycode to provide the necessary functionality. The processes disclosedherein are not inherently related to any particular computer or otherapparatus, and may be implemented by a suitable combination of hardware,software, and/or firmware. For example, various general-purpose machinesmay be used with programs written in accordance with teachings of thedisclosure, or it may be more convenient to construct a specializedapparatus or system to perform the required methods and techniques.

Systems and methods consistent with the present invention also includecomputer readable media that include program instruction or code forperforming various computer-implemented operations based on the methodsand processes of the disclosure. The media and program instructions maybe those specially designed and constructed for the purposes of thedisclosure, or they may be of the kind well known and available to thosehaving skill in the computer software arts. Examples of programinstructions include for example machine code, such as produced by acompiler, and files containing a high level code that can be executed bythe computer using an interpreter.

Other embodiments of the disclosure will be apparent to those skilled inthe art from consideration of the specification and practice of theembodiments disclosed herein. It is intended that die specification andexamples be considered as exemplary only, with a true scope and spiritof the invention being indicated by the following claims.

The invention claimed is:
 1. A computer-implemented method forestablishing an encrypted communication link between a first device anda second device, the method comprising: accessing, from a storage,identification information of a user of the first device; receiving, ata domain name server, a Domain Name Service (DNS) request from the firstdevice requesting a network address corresponding to a domain nameassociated with the second device, the domain name being used toestablish the encrypted communication link to the second device;authenticating, at the domain name server, the user based on the useridentification information, the user identification informationincluding biometric information of the user, wherein the biometricinformation includes data representing at least one of a photograph, afingerprint, a speech sample, a facial image, or an image of a retina oriris associated with the user; and transmitting the network address inresponse to the DNS request based on a determination that the user hasbeen authenticated at the domain name server using the biometricinformation of the user, wherein the encrypted communication linkbetween the first device and the second device is established based onthe network address; wherein the step of authenticating the user furtherincludes: receiving, from the first device, a first hash value generatedbased on the user identification information; comparing the first hashvalue to a second hash value; sending an accept notification to thefirst device when the first hash value matches the second hash value;and sending a reject notification to the first device when the firsthash value does not match the second hash value.
 2. Thecomputer-implemented method of claim 1, wherein receiving the first hashvalue includes: retrieving, by the domain name server, a random vectorand a random hash key; sending the retrieved random vector and randomhash key to the first device; receiving, from the first device, thefirst hash value, the first hash value being generated by: generating auser vector by combining the random vector and the user identificationinformation; and performing a hashing operation on the user vector usingthe random hash key.
 3. The computer-implemented method of claim 2,further comprising: receiving a user name for the user from the firstdevice; accessing a database that stores second hash values inassociation with user names; and retrieving the second hash valuecorresponding to the user name from the database.
 4. Thecomputer-implemented method of claim 3, wherein the user name comprisesthe domain name of the first device.
 5. The computer-implemented methodof claim 3, wherein the DNS request includes the user name.
 6. Thecomputer-implemented method of claim 1, wherein the step ofauthenticating the user further includes: receiving, from the firstdevice, an encrypted first hash value generated based on the useridentification information; decrypting the first hash value using apublic key; comparing the decrypted first hash value with a second hashvalue; sending an accept notification to the first device when thedecrypted first hash value matches the second hash value; and sending areject notification to the first device when the decrypted first hashvalue does not match the second hash value.
 7. The computer-implementedmethod of claim 6, wherein receiving the first hash value includes:retrieving, by the domain name server, a public key and a random hashkey; sending the retrieved public key and a random hash key to the firstdevice; receiving, from the first device, the encrypted first hashvalue, the encrypted first hash value being generated by: performing ahashing operation on the user identification information using therandom hash key; and encrypting, using the public key, the hashed useridentification information.
 8. The computer-implemented method of claim7, further comprising: receiving a user name for the user from the firstdevice; accessing a database that stores second hash values inassociation with user names; and retrieving the second hash valuecorresponding to the user name from the database.
 9. Thecomputer-implemented method of claim 8, wherein the user name comprisesthe domain name of the first device.
 10. The computer-implemented methodof claim 8, wherein the DNS request includes the user name.
 11. Thecomputer-implemented method of claim 1, further comprising:authenticating, in addition to the user, the first device; andtransmitting the network address in response to the DNS request based ona determination that the user has been authenticated and also that thefirst device has been authenticated.
 12. The computer-implemented methodof claim 1, wherein the biometric information is approximated.
 13. Adomain name server for establishing an encrypted communication linkbetween a first device and a second device, the domain name servercomprising: a data storage device storing identification information fora plurality of devices; a memory storing instructions; and one or moreprocessors configured to execute the instructions to: access, from thestorage, identification information of a user of the first device;receive, at the domain name server, a Domain Name Service (DNS) requestfrom the first device requesting a secure network address correspondingto a domain name associated with the second device, the domain namebeing used to establish the encrypted communication link to the seconddevice; authenticate, at the domain name server, the user based on theuser identification information, the user identification informationincluding biometric information of the user, wherein the biometricinformation includes data representing at least one of a photograph, afingerprint, a speech sample, a facial image, or an image of a retina oriris associated with the user; and transmit the network address inresponse to the DNS request based on a determination that the user hasbeen authenticated at the domain name server using the biometricinformation of the user, wherein the encrypted communication linkbetween the first device and the second device is established based onthe network address, and wherein, to authenticate the user, the one ormore processors are further configured to execute the instructions to:receive, from the first device, a first hash value generated based onthe user identification information; compare the first hash value to asecond hash value; send an accept notification to the first device whenthe first hash value matches the second hash value; and send a rejectnotification to the first device when the first hash value does notmatch the second hash value.
 14. The domain name server of claim 13,wherein, to receive the first hash value, the one or more processors arefurther configured to execute the instructions to: retrieve a randomvector and a random hash key; send the retrieved random vector andrandom hash key to the first device; receive, from the first device, thefirst hash value, the first hash value being generated by: generating auser vector by combining the random vector and the user identificationinformation; and performing a hashing operation on the user vector usingthe random hash key.
 15. The domain name server of claim 13, the one ormore processors being further configured to execute the instructions to:receive a user name for the user from the first device; access adatabase that stores second hash values in association with user names;and retrieve the second hash value corresponding to the user name fromthe database.
 16. The domain name server of claim 15, wherein the username comprises the domain name of the first device.
 17. The domain nameserver of claim 15, wherein the DNS request includes the user name. 18.The domain name server of claim 13, wherein, to authenticate the user,the one or more processors are further configured to execute theinstructions to: receive, from the first device, an encrypted first hashvalue generated based on the user identification information; decryptthe first hash value using a public key; compare the decrypted firsthash value with a second hash value; send an accept notification to thefirst device when the decrypted first hash value matches the second hashvalue; and send a reject notification to the first device when thedecrypted first hash value does not match the second hash value.
 19. Thedomain name server of claim 18, wherein, to receive the first hashvalue, the one or more processors are further configured to execute theinstructions to: retrieve, by the domain name server, a public key and arandom hash key; send the retrieved public key and a random hash key tothe first device; receive, from the first device, the encrypted firsthash value, the encrypted first hash value being generated by: perform ahashing operation on the user identification information using therandom hash key; and encrypt, using the public key, the hashed useridentification information.
 20. The domain name server of claim 18, theone or more processors being further configured to execute theinstructions to: receive a user name for the user from the first device;access a database that stores second hash values in association withuser names; and retrieve the second hash value corresponding to the username from the database.
 21. The domain name server of claim 20, whereinthe user name comprises the domain name of the first device.
 22. Thedomain name server of claim 20, wherein the DNS request includes theuser name.
 23. A computer-implemented method for establishing anencrypted communication link between a first device and a second device,the method comprising: determining, by a domain name service, whetherthe first device is enabled for biometric authentication of a user; andbased on a determination that the first device is enabled for biometricauthentication of the user: accessing, from a storage, identificationinformation of the user of the first device; receiving, at a domain nameserver, a Domain Name Service (DNS) request from the first devicerequesting a network address corresponding to a domain name associatedwith the second device, the domain name being used to establish theencrypted communication link to the second device; authenticating, atthe domain name server, the user based on the user identificationinformation, the user identification information including biometricinformation of the user, wherein the biometric information includes datarepresenting at least one of a photograph, a fingerprint, a speechsample, a facial image, or an image of a retina or iris associated withthe user; and transmitting the network address in response to the DNSrequest based on a determination that the user has been authenticated atthe domain name server using the biometric information of the user,wherein the encrypted communication link between the first device andthe second device is established based on the network address.
 24. Thecomputer-implemented method of claim 23, wherein the step ofdetermining, by a domain name service, whether the first device isenabled for biometric authentication of a user further includes:retrieving a previously registered digital certificate associated withthe client, wherein the registered digital certificate contains a flagthat indicates whether the device is enabled for biometricauthentication; and reading the flag to determine whether the device isenabled for biometric authentication.
 25. A domain name server forestablishing an encrypted communication link between a first device anda second device, the domain name server comprising: a data storagedevice storing identification information for a plurality of devices; amemory storing instructions; and one or more processors configured toexecute the instructions to: determine, by a domain name service,whether the first device is enabled for biometric authentication of auser; and based on a determination that the first device is enabled forbiometric authentication of the user: access, from a storage,identification information of the user of the first device; receive, ata domain name server, a Domain Name Service (DNS) request from the firstdevice requesting a network address corresponding to a domain nameassociated with the second device, the domain name being used toestablish the encrypted communication link to the second device;authenticate, at the domain name server, the user based on the useridentification information, the user identification informationincluding biometric information of the user, wherein the biometricinformation includes data representing at least one of a photograph, afingerprint, a speech sample, a facial image, or an image of a retina oriris associated with the user; and transmit the network address inresponse to the DNS request based on a determination that the user hasbeen authenticated at the domain name server using the biometricinformation of the user, wherein the encrypted communication linkbetween the first device and the second device is established based onthe network address.
 26. The domain name server of claim 25, wherein, todetermine, by a domain name service, whether the first device is enabledfor biometric authentication of a user, the one or more processors arefurther configured to execute the instructions to: retrieve a previouslyregistered digital certificate associated with the client, wherein theregistered digital certificate contains a flag that indicates whetherthe device is enabled for biometric authentication; and read the flag todetermine whether the device is enabled for biometric authentication.